Bugtraq mailing list archives
Re: another Xlib buffer overflow
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert () uumail gov bc ca>
Date: Mon, 16 Oct 2000 05:01:34 -0700
In message <14823.32893.941728.85487 () laas fr>, Matthieu Herrb writes:
You wrote (in your message from Friday 13) > > Vulnerable object: XFree 3.3.x Xlib (no data on 4.0.x); no mention of fix > in "security issues" page at www.xfree86.org. > It was fixed in XFree86 4.0. From the CHANGELOG: XFree86 3.9Nu (13 January 1999) [...] 2141. Fix some sun_path overflows in xtrans.
It doesn't appear to be fixed in 3.3.6:
cwsys$ DISPLAY=:`perl -e '{print "0"x128}'` xterm
Segmentation fault
cwsys$
Exploit anyone?
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/DEC Team Internet: Cy.Schubert () osg gov bc ca
Open Systems Group, ITSD, ISTA
Province of BC
Current thread:
- another Xlib buffer overflow Michal Zalewski (Oct 13)
- Re: another Xlib buffer overflow Matthieu Herrb (Oct 15)
- Re: another Xlib buffer overflow Kris Kennaway (Oct 16)
- Re: another Xlib buffer overflow Chris Evans (Oct 25)
- Re: another Xlib buffer overflow Cy Schubert - ITSD Open Systems Group (Oct 16)
- Re: another Xlib buffer overflow Kris Kennaway (Oct 16)
- <Possible follow-ups>
- Re: another Xlib buffer overflow Robert van der Meulen (Oct 15)
- Re: another Xlib buffer overflow Michal Zalewski (Oct 15)
- Re: another Xlib buffer overflow Matthieu Herrb (Oct 15)